Scams have begun knocking on the doors of Apple customers. Whether it’s phishing on the App Store, an iOS crash scam, or fitness apps that steal users’ money, Apple customers are apparently the current favorites of hackers.
Phishing User Details
The Apple App Store scam is a classic phishing scam in which users get an email with an invoice as a PDF attachment, apparently a purchase confirmation from Apple. Since the email does not come with any links, it can easily bypass email filters, and users also mistake it for a genuine message. The content of the email is carefully crafted to make the user believe that her account may have been hacked if she gets an email about a suspicious App Store purchase, and that she must consider unlocking the account through the Apple account management web page.
Also, PDF is usually considered a safe attachment, and users let their guard down when opening it. While the attachment itself does not carry malware, it contains some shortened links. Once the user clicks on any of these links, she is redirected to a fake Apple account management web page where she is asked for her username and password. On providing these details, the user is informed that her account has been locked for security reasons and that she can unlock it using the Unlock Account button—reinforcing the message in the email.
When the user clicks the Unlock Account button, she is asked to provide personal information including name, address, phone number, email ID, payment information, and at times even passport and/or driving license numbers. After the user submits the information, she is informed that she will be logged out for security reasons and is then directed back to the correct Apple account management web page. Meanwhile, the hacker has stolen a treasure chest of the user’s personal information, which is later used to plan and execute numerous cyber crimes.
Phishing is on the rise and users must be cautious before trusting any email or attachment and/or sharing any personal information even if it appears to originate from a legitimate source. As a practice, instead of clicking embedded links—whether within the email or the attachment—users must type the correct link themselves, which can provide them with the tell-tale signs of an impending scam.
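The filter gap described above (no links in the email body, shortened links inside the PDF attachment) is something a mail gateway can check for. The following Python is an added example, not part of the original article; the shortener host list, function names and sample message are constructed assumptions, and it reads link targets only from uncompressed PDF objects.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: short illustrative list of URL-shortener hosts; extend for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
URL_RE = re.compile(rb"https?://[^\s<>\"')]+", re.I)
# PDF link annotations store their target as "/URI (target)".
PDF_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")

def pdf_links(pdf_bytes):
    """Link targets found in uncompressed PDF objects (compressed streams are not seen)."""
    return [m.decode("latin-1") for m in PDF_URI_RE.findall(pdf_bytes)]

def triage(raw_eml):
    """Flag mail whose body has no links but whose PDF attachment has shortened ones."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    body_urls, shortened = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if part.get_content_type() == "application/pdf" or data.startswith(b"%PDF-"):
            for link in pdf_links(data):
                if (urlparse(link).hostname or "").lower() in SHORTENERS:
                    shortened.append(link)
        elif part.get_content_maintype() == "text":
            body_urls += URL_RE.findall(data)
    return {"body_has_links": bool(body_urls),
            "pdf_shortened_links": shortened,
            "suspicious": not body_urls and bool(shortened)}

def build_sample(body, pdf_target):
    """Constructed test message: plain-text body plus a one-object PDF attachment."""
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (" + pdf_target.encode() + b") >> >>\nendobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.test", "user@example.test"
    msg["Subject"] = "Your receipt"
    msg.set_content(body)
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Your purchase invoice is attached.", "https://bit.ly/EXAMPLE")
    print(triage(lure))
```

A production filter would use a full PDF parser so that links inside compressed object streams are also extracted.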
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.